HHS Releases Final Rule – Updated HIPAA Privacy And Security Rules

Posted on January 17, 2013 by Frank J. Rosello

HHS has released the long-awaited final rule updating the privacy and security rules under (HIPAA) The Health Insurance Portability and Accountability Act.

Referred to as the “omnibus” privacy and security rule because of its broad reach, it updates earlier HIPAA rules with more stringent privacy and security measures passed under the (ARRA) American Recovery and Reinvestment Act of 2009 .

In a HHS news release today, HHS Secretary Kathleen Sebelius said, “Much has changed in healthcare since HIPAA was enacted over fifteen years ago.” “The new rule will help protect patient privacy and safeguard patients’ health information in an ever-expanding digital age.”

The final rule clarifies a number of key areas including when breaches of information must be reported to the Office for Civil Rights, sets new rules on the use of patient-identifiable information for marketing and fundraising, and expands direct liability under the law to the so-called “business associates” of hospitals and physicians and other “HIPAA-covered entities.” Those associates might include a provider’s healthcare data-miners and health information technology service providers.

It also restores a limited right of consent to patients to control the release of their (PHI) protected health information to their insurance company about their treatment if the pay for that treatment is out of pocket. And it spells out how the greatly increased penalties for privacy and security violations under the ARRA are to be applied.

The Director of the Office for Civil Rights (OCR), Mr. Leon Rodriguez, also said in the HHS news release today, “This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented.” The HHS Office for Civil Rights serves as the lead privacy and security enforcement agency under HIPAA.

Director Rodriguez continues his remarks in the news release by stating, “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a healthcare provider or one of their business associates.”

Click here to read the HHS News Release

Click here to access the Updated HIPAA Privacy and Security Rules – Final Rule

 

• Recent News

  • Texas Launches Certification Program To Bolster HIPAA Compliance
  • Internet Explorer Vulnerability: Steps To Take
  • Five Misconceptions About Cloud Computing
  • ONC Chief’s Perspectives On Patient Privacy and Security
  • ONC Chief DeSalvo Charts New Course

• Press Release Archives

• EI Connections Newsletter Archive

  
  

  Sign up for the
  EI Connections Newsletter

  * Email

  
  

• Categories

  • ACA
  • ACO Rule
  • ACOs
  • Cloud Computing
  • CMS
  • CMS eRx Rules
  • CMS Final Rule
  • CMS Proposed Rule
  • e-Health
  • EHR Adoption
  • EHR Data Sharing
  • EHR Implementation
  • EHR Incentives
  • EHR Information Security
  • EHR Meaningful Use
  • Electronic Health Records
  • Electronic Medical Records
  • EMR
  • Environmental Intelligence
  • Health Information Exchange
  • Health IT
  • Health IT Best Practices
  • Health IT Data Security
  • Health It Interoperability
  • Health IT Policy
  • Health IT Services
  • Healthcare
  • Healthcare Information Security
  • Healthcare Leasing
  • HHS
  • HHS Final Rule
  • HHS Initiatives
  • HIE
  • HIPAA 5010
  • HIPAA Complicance
  • HIPAA Omnibus Rule
  • HIPAA Privacy and Security Rule
  • ICD-10
  • Meaningful Use
  • medical practice best practices
  • mHealth
  • ONC
  • Patient Privacy
  • Personal Health Record
  • PHI Data Security
  • Press Releases
  • Radiology Systems
  • Telehealth
  • Telemedicine

• Tag Cloud

  CMS CMS EHR Incentives CMS Policy EHR EHR Adoption EHR Best Practices EHR Cloud Hosting EHR Consulting EHR Hosting EHR Implementation EHR Incentives EHR Study EHR Technology Enhancements EI Connections Newsletter Electronic Health Records Electronic Medical Records EMR Environmental Intelligence Healthcare Health Information Exchange Health IT Health IT Best Practices Health IT Information Security Health IT Policy Health IT Services Health IT Standards Health IT Tips HHS HIE HIE Standards HIPAA Compliance HIPAA Privacy and Security Rules HIT ICD-10 Meaningful Use medical practice best practices OCR ONC Patient Experience PHI PHI Data Breaches PHI Data Security PHI Security Stage 2 Meaningful Use Rule Stage 3 Meaningful Use